
Iran’s nuclear facility, which faced one of the world’s most complex cyber-attacks 17 years ago, is in the news this week. The Volkskrant reported that the virus was brought in by a secret agent. How does this “superworm” work?

Why I need to know about this:

You read a lot about it in the news this week: the cyberattack Iran faced seventeen years ago. A Dutchman appears to have brought in the virus – also known as a “superworm”. In this article, we explain, as far as we can, how a superworm works, and how it changed warfare forever.

An agent of the Dutch General Intelligence and Security Service (Algemene Inlichtingen- en Veiligheidsdienst, AIVD) played a crucial role in disrupting the Iranian nuclear project in 2007. Using the Stuxnet computer worm, the agent managed to infect the plant's systems. The attack on Iran's nuclear facilities was introduced by hand, via USB sticks. Stuxnet caused physical damage, not to the infected computers themselves but to the centrifuges that their controllers drove. The discovery of Stuxnet in 2010 revealed the extent of cyber warfare and profoundly influenced the development of subsequent malware.

The sabotage of Iran's nuclear weapons program by a Dutch AIVD agent, Erik van Sabben, is a story that reads like a spy thriller. The impact of his action through the Stuxnet worm was enormous. Nearly sixty percent of the computers infected worldwide were in Iran, and the worm caused serious delays to the country's nuclear ambitions. But how could a single agent with a USB stick produce such a far-reaching effect?

The birth of a cyber weapon

Stuxnet, an ingenious piece of code, was one of a kind. It was the first known malware to inflict physical damage, in this case to the centrifuges at Iran's Natanz nuclear facility. To get in and spread, it exploited four so-called zero-day vulnerabilities in Windows.

A zero-day (also written 0-day) is a vulnerability in software that the software's developer does not yet know about, so no fix for it exists; an exploit is code that uses such a hole to carry out an attack. Attackers use or trade zero-days before the vendor knows anything about the vulnerability, which is what made Stuxnet's four so valuable. The nickname "worm" has a different origin: a worm is malware that copies itself from machine to machine, in Stuxnet's case via removable drives and local networks, without needing a user to deliberately run it.

The complexity of Stuxnet indicates well-funded and organized development. Estimates of the cost range up to a billion dollars. The fact that the worm could spread via USB drives was essential because the target installations were not directly connected to the Internet.

The infiltration

Erik van Sabben, the Dutch engineer and AIVD agent, had the technical expertise and necessary local connections to place the virus. His background and Iranian connections made him the ideal candidate for this dangerous mission. Yet, this was no easy task. The virus had to be manually inserted into an environment known for its stringent security measures.

The insidious thing about Stuxnet was that it could stay under the radar for weeks or even months before striking. Once it found the specific Siemens controllers it was looking for, it rewrote their program to drive the centrifuges far outside their safe speed range in short bursts, while feeding the operators' monitoring screens recorded readings from normal operation, so the damage looked like ordinary equipment failure rather than sabotage.
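The sabotage-and-conceal pattern described above, as an added model (this is not code from the article and not Stuxnet's own code): a toy centrifuge controller whose telemetry to the operators can be swapped for a recording of normal readings while the drive is pushed out of its safe range, and the out-of-band cross-check that catches the lie. All frequencies, names, the stress model and the independent sensor are assumptions made for this example.

```python
import random
from dataclasses import dataclass
from typing import Callable, List, Optional, Sequence, Tuple

# Illustrative values (assumptions for this example, not figures from the article).
NOMINAL_HZ = 1064.0            # rotor frequency the operators expect to see
SAFE_BAND = (1000.0, 1100.0)   # frequencies the machine tolerates indefinitely
OVERSPEED_HZ = 1410.0          # hostile "fast" setpoint
UNDERSPEED_HZ = 2.0            # hostile "slow" setpoint


@dataclass
class Centrifuge:
    """The physical process: the rotor follows the drive setpoint with lag and
    accumulates mechanical stress whenever it sits outside the safe band."""
    speed_hz: float = NOMINAL_HZ
    stress: float = 0.0        # toy wear counter; 1.0 means the rotor is wrecked

    @property
    def failed(self) -> bool:
        return self.stress >= 1.0

    def step(self, setpoint_hz: float) -> None:
        self.speed_hz += 0.5 * (setpoint_hz - self.speed_hz)
        lo, hi = SAFE_BAND
        if self.speed_hz > hi:
            self.stress += (self.speed_hz - hi) / 5000.0
        elif self.speed_hz < lo:
            self.stress += (lo - self.speed_hz) / 20000.0


def nominal_schedule(t: int) -> float:
    return NOMINAL_HZ


def sabotage_schedule(t: int) -> float:
    """Short over- and under-speed bursts separated by long normal stretches."""
    phase = t % 60
    if phase < 10:
        return OVERSPEED_HZ
    if 30 <= phase < 40:
        return UNDERSPEED_HZ
    return NOMINAL_HZ


@dataclass
class Controller:
    """The PLC: runs the setpoint schedule and answers the HMI's telemetry reads.
    Once compromised it serves a recording instead of the live rotor speed."""
    rotor: Centrifuge
    schedule: Callable[[int], float] = nominal_schedule
    replay: Optional[Sequence[float]] = None   # set by the attacker

    def tick(self, t: int) -> None:
        self.rotor.step(self.schedule(t))

    def report_to_hmi(self, t: int) -> float:
        if self.replay is not None:
            return self.replay[t % len(self.replay)]
        return self.rotor.speed_hz


def simulate(ctrl: Controller, ticks: int, seed: int) -> Tuple[List[float], List[float]]:
    """Run the loop; return what the HMI saw and what an independent sensor saw.
    The independent channel (say a separate power meter) is constructed here as the
    true speed plus a little noise, and it never passes through the PLC."""
    rng = random.Random(seed)
    hmi, independent = [], []
    for t in range(ticks):
        ctrl.tick(t)
        hmi.append(ctrl.report_to_hmi(t))
        independent.append(ctrl.rotor.speed_hz + rng.gauss(0.0, 2.0))
    return hmi, independent


def divergence_alarms(hmi: Sequence[float], independent: Sequence[float],
                      tolerance_hz: float = 25.0) -> List[int]:
    """Ticks at which the PLC's story and the out-of-band measurement disagree."""
    return [t for t, (a, b) in enumerate(zip(hmi, independent)) if abs(a - b) > tolerance_hz]


def run_scenario(compromised: bool, ticks: int = 120) -> Tuple[List[float], List[float], Centrifuge]:
    ctrl = Controller(Centrifuge())
    # Dormant phase: the attacker records telemetry while everything is normal.
    recording, _ = simulate(ctrl, 60, seed=1)
    if compromised:
        ctrl.schedule = sabotage_schedule   # drive the rotor out of range ...
        ctrl.replay = recording             # ... while the HMI keeps seeing the recording
    hmi, independent = simulate(ctrl, ticks, seed=2)
    return hmi, independent, ctrl.rotor


if __name__ == "__main__":
    for label, flag in (("baseline", False), ("compromised", True)):
        hmi, ind, rotor = run_scenario(flag)
        print(label, "alarms:", len(divergence_alarms(hmi, ind)),
              "stress:", round(rotor.stress, 2), "failed:", rotor.failed)
```

The point of the independent channel is that it does not pass through the device the attacker controls; a check that only re-reads the PLC's own registers would see the same replayed numbers and raise nothing.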

The revelation and international implications

When Stuxnet was finally discovered in 2010, the world witnessed the birth of a new era in warfare. The worm did not stay within Iran: it infected Windows computers in some 150 countries, although its destructive payload only activated on the specific Siemens setup it was built for. This unintended spread showed the potentially global reach of such cyber weapons.

The perpetrators behind the virus, though initially a mystery, were reportedly U.S. and Israeli intelligence agencies. Their goal was clear: to disrupt Iran’s nuclear program. But Stuxnet’s escape outside its intended environment revealed the risks of such digital weapons and their potential to unintentionally target allies as well.

A pioneer in digital warfare

Stuxnet is considered the most powerful cyber weapon of its time, and the revelations surrounding Van Sabben’s involvement have led to a storm of political discussion in the Netherlands. The House of Representatives is demanding clarification as to why the AIVD was unaware of the operation being carried out by one of their own agents.

The implications of Stuxnet are far-reaching. It has served as a blueprint for other malware, such as Flame and Duqu, and has fundamentally changed how governments and companies think about cybersecurity.

Lessons for the future

The aftermath of Stuxnet highlights the importance of cybersecurity measures for industrial systems. Companies and governments worldwide are now more focused than ever on protecting their critical infrastructures from such attacks. Separating control networks from office networks with firewalls, monitoring network activity and changes to controller programs, and strict policies on the use of removable media are just some of the steps that make a similar incident harder to pull off.
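Two of the controls just listed, a removable-media policy and monitoring of controller changes, can be turned into a simple detection rule. The following is an added example, not from the article or any vendor product: it checks every removable-drive mount against the hosts allowed to use such media, and flags a PLC program download that follows a mount on the same workstation within a short window, which is the delivery path this story is about. The event format, host names, serials and time window are all constructed for the example.

```python
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Set

# Constructed sample events (not real logs). Each record is one normalised
# endpoint event: a removable drive being mounted or a program download to a PLC.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"ts": "2024-01-08T08:00:00", "host": "office-pc-07", "user": "jdoe",  "kind": "usb_mount",    "detail": "serial=ABC123"},
    {"ts": "2024-01-08T08:02:11", "host": "eng-ws-01",    "user": "tech1", "kind": "usb_mount",    "detail": "serial=7F0C22"},
    {"ts": "2024-01-08T08:15:40", "host": "eng-ws-01",    "user": "tech1", "kind": "plc_download", "detail": "target=plc-cascade-a"},
    {"ts": "2024-01-08T09:30:00", "host": "eng-ws-01",    "user": "tech1", "kind": "usb_mount",    "detail": "serial=7F0C22"},
    {"ts": "2024-01-08T11:00:05", "host": "eng-ws-02",    "user": "tech2", "kind": "plc_download", "detail": "target=plc-cascade-b"},
    {"ts": "2024-01-08T13:00:00", "host": "eng-ws-01",    "user": "tech1", "kind": "plc_download", "detail": "target=plc-cascade-a"},
]

# Assumed policy: only these engineering workstations may use removable media at all.
REMOVABLE_MEDIA_ALLOWED: Set[str] = {"eng-ws-01", "eng-ws-02"}


def _when(event: Dict[str, str]) -> datetime:
    return datetime.fromisoformat(event["ts"])


def detect(events: List[Dict[str, str]], allowed_hosts: Set[str],
           window: timedelta = timedelta(minutes=30)) -> List[Dict[str, str]]:
    """Return alerts, in time order, for policy violations and for controller
    changes that closely follow removable media on the same host."""
    alerts: List[Dict[str, str]] = []
    last_mount: Dict[str, datetime] = {}          # host -> time of most recent mount
    for event in sorted(events, key=_when):
        host, kind = event["host"], event["kind"]
        if kind == "usb_mount":
            if host not in allowed_hosts:
                alerts.append({"rule": "removable_media_policy", "ts": event["ts"],
                               "host": host, "user": event["user"], "detail": event["detail"]})
            last_mount[host] = _when(event)
        elif kind == "plc_download":
            mounted: Optional[datetime] = last_mount.get(host)
            if mounted is not None and _when(event) - mounted <= window:
                alerts.append({"rule": "plc_change_after_removable_media", "ts": event["ts"],
                               "host": host, "user": event["user"], "detail": event["detail"]})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS, REMOVABLE_MEDIA_ALLOWED):
        print(alert["ts"], alert["host"], alert["rule"], alert["detail"])
```

In the constructed sample the office PC trips the policy rule, and the download to plc-cascade-a thirteen minutes after a drive was mounted on eng-ws-01 trips the correlation rule; the download on eng-ws-02 with no preceding mount, and the one on eng-ws-01 hours after its last mount, stay quiet. The correlation rule is deliberately narrow: it does not say the download was malicious, only that a human should look at what was on the drive.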

As the digital world evolves at breakneck speed, it is becoming increasingly clear that the line between the cyber and physical worlds is blurring. Stuxnet has paved the way for an era in which cyber attacks can have tangible consequences.